Tflint vulnerability (CVE-2024-24788)

[irfanasyraf]

Hello,

I am already on the latest version of Tflint (0.51.1) and after scanning the binary I found that the related CVE-2024-24788 is still flagging and showing a HIGH severity vulnerability. From the scan it looks like a fixed version of stdlib 1.22.3. However the fixed version seems like it is not embedded in the latest Tflint.

Hence, we would like to know on the status of the CVE and if there is any plans to make fix the CVE in any upcoming versions.

Appreciate any help on this.

Thank you!

[wata727]

CVE-2024-24788 does not impact TFLint's normal workload.
This will be fixed in a future release when the Go version is updated, but no emergency security release is planned.